summaryrefslogtreecommitdiffstats
path: root/routers/admin
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2019-11-14 20:06:02 +0000
committerGitHub <noreply@github.com>2019-11-14 20:06:02 +0000
commitae36ed7ecb454e1b43f879b0c40b570a297d4cca (patch)
tree35fcfd2a472f96488ee2b6245ce5129bb18a2021 /routers/admin
parent665ce1dcb36727f46a7261366528fbe68733b6f0 (diff)
downloadgitea-ae36ed7ecb454e1b43f879b0c40b570a297d4cca.tar.gz
gitea-ae36ed7ecb454e1b43f879b0c40b570a297d4cca.zip
Shadow password correctly for session config (#8984)
Fix #8718 This PR shadows passwords in session config correctly by detecting the VirtualProvider, unmarshalling the original config and then shadowing config within that.
Diffstat (limited to 'routers/admin')
-rw-r--r--routers/admin/admin.go26
1 files changed, 17 insertions, 9 deletions
diff --git a/routers/admin/admin.go b/routers/admin/admin.go
index 538d01f9a4..4c4738ae8c 100644
--- a/routers/admin/admin.go
+++ b/routers/admin/admin.go
@@ -6,6 +6,7 @@
package admin
import (
+ "encoding/json"
"fmt"
"net/url"
"os"
@@ -25,6 +26,7 @@ import (
"code.gitea.io/gitea/services/mailer"
"gitea.com/macaron/macaron"
+ "gitea.com/macaron/session"
"github.com/unknwon/com"
)
@@ -207,7 +209,7 @@ func SendTestMail(ctx *context.Context) {
ctx.Redirect(setting.AppSubURL + "/admin/config")
}
-func shadownPasswordKV(cfgItem, splitter string) string {
+func shadowPasswordKV(cfgItem, splitter string) string {
fields := strings.Split(cfgItem, splitter)
for i := 0; i < len(fields); i++ {
if strings.HasPrefix(fields[i], "password=") {
@@ -218,10 +220,10 @@ func shadownPasswordKV(cfgItem, splitter string) string {
return strings.Join(fields, splitter)
}
-func shadownURL(provider, cfgItem string) string {
+func shadowURL(provider, cfgItem string) string {
u, err := url.Parse(cfgItem)
if err != nil {
- log.Error("shodowPassword %v failed: %v", provider, err)
+ log.Error("Shadowing Password for %v failed: %v", provider, err)
return cfgItem
}
if u.User != nil {
@@ -239,7 +241,7 @@ func shadownURL(provider, cfgItem string) string {
func shadowPassword(provider, cfgItem string) string {
switch provider {
case "redis":
- return shadownPasswordKV(cfgItem, ",")
+ return shadowPasswordKV(cfgItem, ",")
case "mysql":
//root:@tcp(localhost:3306)/macaron?charset=utf8
atIdx := strings.Index(cfgItem, "@")
@@ -253,15 +255,21 @@ func shadowPassword(provider, cfgItem string) string {
case "postgres":
// user=jiahuachen dbname=macaron port=5432 sslmode=disable
if !strings.HasPrefix(cfgItem, "postgres://") {
- return shadownPasswordKV(cfgItem, " ")
+ return shadowPasswordKV(cfgItem, " ")
}
-
+ fallthrough
+ case "couchbase":
+ return shadowURL(provider, cfgItem)
// postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full
- // Notice: use shadwonURL
+ // Notice: use shadowURL
+ case "VirtualSession":
+ var realSession session.Options
+ if err := json.Unmarshal([]byte(cfgItem), &realSession); err == nil {
+ return shadowPassword(realSession.Provider, realSession.ProviderConfig)
+ }
}
- // "couchbase"
- return shadownURL(provider, cfgItem)
+ return cfgItem
}
// Config show admin config page